$BUILD.Store
Policy

Privacy Policy

Version 0.1 · Last reviewed 2026-07-01 · Sandbox draft

Sandbox draft

Working draft. Production version carries counsel review and a signed effective-date footer.

Who we are

Future Modern Builderberg LLC (“Future Modern,” “we,” “the cooperative”) operates $BUILD.Store, a unified cooperative platform for creative work, technology, and professional services. Registered in Florida.

What we collect

We collect three categories of data:

  • Identity + contact. First name, last name, email, and (optionally) phone. We display first-name-only on public surfaces; full names are confined to admin and Member-internal views.
  • Contribution record. Contracts you were credited on, milestones you completed, peer reviews you gave or received, MVP score sub-ratings, recognitions, canonizations. This is the cooperative canon.
  • Financial. Wallet address (ERC-6551), Stripe payout destination (if configured), and per-contract compensation records.

Why we collect it

  • Operate the platform (route work, credit contributions, settle payouts).
  • Maintain the cooperative canon (recognitions, canonizations, trading cards).
  • Comply with law (tax reporting on payouts, business-records retention).
  • Improve the platform (aggregate, non-personal analytics on engagement).

We do not sell personal data. We do not run behavioral advertising. We do not fingerprint. If you disable analytics cookies we retain full service access.

Who we share it with

See the Subprocessor Registry for the current list of third parties that process cooperative data. Categories include payments, CRM, email delivery, hosting, and (for meeting-minute ingestion) transcript providers you have connected on your own account.

How long we keep it

  • Active accounts: for the life of the account plus 90 days after account close.
  • Financial records: seven years after the transaction, per business-records retention standards. This includes contracts, compensation decisions, wallet ledger entries.
  • Audit log: twelve months hot for operational review; seven years cold for financial and compliance subset. See compliance controls (admin-only) for the mapping.
  • Aggregate analytics: indefinite, but only in anonymized aggregate form.

Your rights

Regardless of jurisdiction, you can:

  • Get a copy of the data we hold about you.
  • Correct anything that's wrong.
  • Ask us to erase your account.
  • Toggle whether your profile is publicly discoverable.

The self-service surface is at /profile/data-rights. Requests are logged to the immutable audit trail so you have a durable record of the ask and the response.

Regulatory windows we honor: 30 days for the GDPR export/ erasure right (Art. 15+17), 45 days for the CCPA right to know / delete (§1798.100+105). Erasure runs a 30-day soft-delete window followed by hard-delete on day 31, with the financial subset retained per legal hold and each retained record audit-stamped at hard-delete.

How we protect it

Encryption in transit (TLS 1.3 minimum), encryption at rest, role-based access with quarterly review, and an append-only audit log recording every consequential mutation. Customer- facing summary at /trust; the long-form technical audit lives at deliverables/compliance/soc2-iso27001-readiness.md.

Children

The cooperative is intended for professional use. We do not knowingly collect data from anyone under 18. If you believe a minor has an account, contact us and we will erase the record.

Changes to this policy

We publish material changes at least 30 days before they take effect and notify active Members by in-app notification.

Contact

Privacy questions: privacy@buildstore (production). Sandbox: use the /contact form.